EU Data Protection Whitepaper – NeoPost
€0.00 excluding VAT
Daragh O Brien contributed to this 2014 whitepaper by Neopost on the then still pending Data Protection Regulation.
His €0.02 on the forthcoming changes is that:
- Even if an organisation doesn’t have the scale (250 employees) to warrant a formal “Data Protection Officer”, pragmatically it must be someone’s role to be responsible for the governance of personal data covered by the Regulation.
- Privacy Impact Assessments will be largely optional, but he’d consider them “recommended practice” for any organisation, to make sure that it doesn’t inadvertently breach the new regulations.
- Two years is a very short time to shift culture in organisations from a reactive compliance focus to a risk-managed way of looking at Data Protection. Start now or risk falling foul of the Regulation when it does arrive.
- The need to have a documented system of governance, and evidence of its effectiveness, should be a major wake-up call for organisations.
- Non-EU based organisations need to assess the impact on their operations of the supra-jurisdictional effect of the legislation (but hey, Sarbanes-Oxley had similar supra-jurisdictional effect so suck it up and get on with addressing the challenges!)